Trojan horse dupes Skype users, steals usernames, passwords

Skype again warned users of its software that malicious code targeting the voice-over-IP (VoIP) and instant messaging service was on the prowl, the second such alert in the past five weeks.

A Trojan horse posing as a Skype add-on is stealing log-on credentials, the company's online spokesman, Villu Arak, said yesterday in a blog posting. Calling itself Skype Defender, the malware installs if users download and run the executable SkypeDefenderSetup.exe, then launches to display a mock Skype interface complete with username and password fields. Entering valid information, however, only results in the bogus application claiming, "Your Skype name and password were not recognized. Please check and try again."

By that time, the log-on information, usernames and passwords remembered by Internet Explorer have been snatched and sent to the attacker.

The alert came five weeks after Skype acknowledged that the Ramex.a worm was hijacking computers running the VoIP software.

Most security vendors had updated their detection signatures to account for the new threat. "The PWS-Pykse Trojan does not spread by itself," said Pradeep Govindaraju, a McAfee researcher, on the company's security blog today. "It relies on social engineering techniques to trick the victim into executing it and is usually posted onto dodgy sites or forums."

Links to sites hosting the Trojan horse have been passed to some Skype users via instant messaging, other security researchers reported.

"An alert Skype user would notice that it looks very different from the normal log-in window," added Govindaraju, "especially since none of the hyperlinks or options displayed are functional."

In other security news involving Skype, Websense warned of a scam that arrives as a spammed instant message and claims that the recipient's PC is infected with multiple pieces of malware. Coming from a user dubbed "Scan Alert," the message prompts the user to click on a link to download a patch; naturally, the "patch" is no such thing.

Instead, the Web site displays a dialog asserting that the PC is infected and offers to remove the malicious code if the user pays US$19.95 for something called "Windows Software Patch -- Scan & Repair."

The scam is a triple threat, said Websense in a warning posted to its Web site. "This serves as [an] example of spam propagating on Skype, with malware authors utilizing social engineering to pass their malware off as legitimate software and attempting to collect money directly at the same time."

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited. Copyright 2013 IDG Communications.
ABN 14 001 592 650. All rights reserved.

Contact Us

With over 25 years of brand awareness and credibility, Good Gear Guide (formerly PC World Australia), consistently delivers editorial excellence through award-winning content and trusted product reviews.